grubpass: GRUB (boot-loader) Password Adder for Ubuntu Linux

The “Boot loader” is a small program that helps your computer to load the operating system, properly. There are many boot loaders out there, some are proprietary (such as with Windows) and some are open-source. Concerning the GNU/Linux in general, there are few major ones, but because of its features and durability (I think), “GRUB” (stands for: “GRand Unified Bootloader”) is the one that’s widely used.

It lets you setup a multi-boot, add passwords to menu entries, pass advanced commands into the Kernel and a lot more. But one of its drawback is that you cannot add a password to the GRUB itself.

In that case, if you’re looking for a pretty user friendly, command-line based tool that lets you easily add/remove passwords into the GRUB boot-loader, then you should try this small tool called, “grubpass”.

This is “grubpass” running in the Terminal while setting up, I can’t provide any screenshots it running with GRUB as there’s no way to take a picture … But I’ve tested it and it works …

Please remember, GRUB is a primary and an extremely important aspect of your OS thus, even a simplest mistake can make your PC unbootable, so use it at your own risk.

But I did install it and added a password, removed it etc (to check if it’s working) and it worked perfectly well in my Ubuntu 11.10 installation. Still, if anything happens, please dudes (ladies included :D), don’t blame me :/.

Main features …

*. It guides you through the whole process so really easy to use.

*. Only supports GRUB 2.0 version and above, Ubuntu users don’t have to worry about this as of Ubuntu 9.10 and after uses the 2.0 version.

*. Both adding and removing passwords supported.

*. The tool secures the GRUB2 in two ways. First it’ll lock editing GRUB 2 menu entries and secondly whenever you click on a menu (to boot into for instance), it’ll prevent the system from booting, until you enter the password.

*. It achieves this by creating a user account for GRUB2. So after setting up, when booting, it will ask for both the user name and the password.

Well, that’s pretty much it!.

You can install “grubpass” in Ubuntu 11.10 Oneiric Ocelot by first downloading the “.deb” package from this official grubpass project page. Once the downloading completes, double click on the “.deb” file and Ubuntu Software Center should install it for you.

Now, I don’t know if the “.deb” package would work in older Ubuntu systems such as 12.04 Precise Pangolin, 11.04 Natty Narwhal, 10.10 or 10.04 for instance, if it doesn’t, then you can use its compressed archive (can be found in the above link) and use the executable inside it (you can find the execution instructions in the “read-me” file, don’t worry, it’s really ease to follow).

Adding a password to GRUB 2 …

Now this won’t be necessary for most users, but for the newbies :D, let me give a simple example on how to use it.

1. First open your Terminal and enter the below command to run it.

sudo grubpass

2. Now this should take you into the new “shell” running “grubpass” and if you want to get a simple “help” page that explains its commands (there aren’t many, 4-5), then use the below command.

help

As you can see with the above screenshot, it shows the commands that you need to use.

3. Anyhow, to add a password, just enter the below command.

setpassword

4. Then first, it’ll ask for a user name (as said before, it creates a user account for “GRUB2” and then applies all the restrictions to that user). So, enter a name (as shown below).

5. Now it’ll take you to the next step, where you’ll be asked to enter a password (as shown below). Now enter a password as well.

Make sure not to use a crazy password like mine though 😉 …

Remember, in all these steps, “grubpass” gives you “tips” (including common mistakes). Since no one wanna end up breaking Ubuntu’s heart and upset her, I mean for real 😉 … so please do read them.

6. Now after the user account creation is done, in the next step, it’ll ask you, what exactly that you want to protect?

Whether you’d like to protect the whole GRUB, either editing nor booting into (without the password) OR only want to protect menu entries such as “Recovery …”, “Memory Testing …” etc.

So make your selection and then enter the command before the description to activate it.

For instance, to secure “everything” I’ll the below command and then press the “enter” key.

all

7. Now the rest is pretty automatic as it’ll do everything all by itself.

And when everything in done, it’ll automatically exit you into the original Terminal prompt (after giving an output) as shown below.

How to remove the added password ?

Well, if you’ve had enough playing with it 😉 and need to disable/remove the password and restore the original GRUB 2 boot loader, then …

1. First open your Terminal and use the below command (again) to launch the utility.

sudo grubpass

2. Now enter the below command to remove the added entries.

recover

3. This will take you to a conformation prompt, type “yes” and press enter or “no” to cancel it.

4. When everything is done, it’ll give an output similar to below one (will change according to your configuration, such as other operating systems etc) and will exit.

Now do a reboot and the GRUB 2 password should be gone. That’s it!.

So as an ending note, for additional security, if you’ve been looking for an easy way to add password protection to the GRUB 2 boot loader in Ubuntu Linux (the compressed package should also work in Debian too), then “grubpass” is certainly a pretty awesome tool that deserves a little praise. Good luck and be careful.